8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-21 19:03:11 +00:00
re2o/templates/registration/password_reset_email.html
Alexandre Iooss f4c9ac19cf Override Django Contrib Auth templates
This override Django Contrib Auth templates to make them more integrated
with the user site.

More precisely the breadcrumb now redirects to the index page rather to
the Django Contrib Admin index page.

*It also fix a security vulnerability in Re2o.* Without this patch users
are able to request for a new password AND the existing login name. So
just with access to someone mail, it would be possible to hack into his
account.

And yes, Re2o implements another password system. But this one is not
disabled (see by yourself : https://intranet.crans.org/password_reset/).

This also is part of the Aube patch-set for Re2o and one of Aube goal is
to drop the custom admin password reset system and use the Django
Contrib Auth one.
2019-04-20 19:30:49 +02:00

13 lines
503 B
HTML

{% load i18n %}{% autoescape off %}
{% blocktrans %}You're receiving this email because you requested a password reset for your user account at {{ site_name }}.{% endblocktrans %}
{% trans "Please go to the following page and choose a new password:" %}
{% block reset_link %}
{{ protocol }}://{{ domain }}{% url 'password_reset_confirm' uidb64=uid token=token %}
{% endblock %}
{% trans "Thanks for using our site!" %}
{% blocktrans %}The {{ site_name }} team{% endblocktrans %}
{% endautoescape %}